Still using that tired and worn out password to log onto your PC? Is your mother’s maiden name still the main prompt you use to log on and check your credit card statement? Worried that the PIN number you use to access your online banking is the same PIN you’ve given the children to access the Sky Digibox? You should be. The fact is that as individuals, we are not doing enough to guarantee user authentication. And if you think that’s bad, the situation in organisations is even worse.

Most organizations—from multinational corporates to small businesses—still exclusively rely on the user name and password as a mechanism to control the way employees, contractors, partners and customers gain access to corporate information assets. The result is that these organisations are exposing themselves to cyber terrorism, which includes everyone from the most malevolent terrorist to the basement hacker. Their aim: to sit on your doorstep and undermine and destroy the fabric of your organisation.

Threats against passwords are increasing because passwords are perceived as the more vulnerable security aspect of IT infrastructures, and they are therefore inadequate for securing an IT system.

So why isn’t more being done to overcome the cyber terrorism threat? After all, following the terrorist attacks in New York and London, governments are being especially diligent in their duties to combat everyday terrorist threats—so why isn’t business doing more?

One of the main reasons we are in this maelstrom is that—until now—technology has been a barrier to cost-effective and practical user authentication. Solutions in the market today are both prohibitively expensive and take too long to deploy and manage. The second reason is complacency. Many organisations do not perceive there to be a real threat. Corporate governance regulations, such as Sarbanes-Oxley, are starting to have an impact, but there remains a lack of urgency.

Some organizations have taken the matter into their own hands and simply made passwords longer, or required employees to change them more frequently. This is not a good idea, as the employee will just forget the password or write it down, thereby compromising security in a different way.

Almost 90 percent of organizations today still rely on user name and password for user authentication. The result is that they have very little control over who has access to their systems, the degree of access people have, and who gives the approval for that access. A few organisations have reached the second phase of user authentication: they know who’s coming in and what they are accessing, because the organisation has controls over authentication. But it’s a reactive policy. They can only report on what the intruder or innocent user has seen. Nothing more, nothing less.

Centralised, Best Practice Identity Management

So what is the solution? To effectively combat the very real threat of cyber terrorism in the business community, each and every organization needs to adopt a centralised, best practice approach to the way identities and access privileges are managed. In other words, it needs proactive, real-time monitoring of every aspect of user authentication. It represents good governance. For example, when a new finance employee joins the organisation, they should be denied access privileges to both the creation and payment of invoices. An enforcement policy should be in place that requires them to seek approval before this privilege is granted.
